BID:52612

Multiple AntiVirus Products CVE-2012-1443 RAR File Scan Evasion Vulnerability

Info

Multiple AntiVirus Products CVE-2012-1443 RAR File Scan Evasion Vulnerability

Bugtraq ID:	52612
Class:	Design Error
CVE:	CVE-2012-1443
Remote:	Yes
Local:	No
Published:	Mar 20 2012 12:00AM
Updated:	Mar 19 2015 08:41AM
Credit:	Suman Jana and Vitaly Shmatikov
Vulnerable:	VirusBlokAda VBA32 3.12.14 2 Trend Micro VirusBuster 13.6.151 0 Trend Micro Trend Micro 9.120 1004 Trend Micro HouseCall 9.120 1004 Symantec AntiVirus 20101.3 103 Sophos Anti-Virus 4.61 Rising Antivirus 22.83 03 Quick Heal Technologies CAT-QuickHeal 11.00 PCTools Antivirus 7.0.3 5 Panda Antivirus 10.0.2 7 Norman Antivirus 6.6.12 McAfee McAfee-GW-Edition 2010.1C K7 Computing Pvt Ltd K7AntiVirus 9.77.3565 INCA nProtect 2011-01-17.01 Ikarus Antivirus T3.1.1.97.0 G Data Software GData 21 Frisk Software F-Prot Antivirus 4.6.2 117 Fortinet Antivirus 4.2.254 0 F-Secure Antivirus 9.0.16160.0 Eset NOD32 5795 eSafe Antivirus 7.0.17 0 Emsisoft Antivirus 5.1 1 Comodo AntiVirus 7424 BitDefender AntiVirus 7.2 AVIRA AntiVir Engine 7.11.1 163 AVG AVG Anti-Virus 10.0 1190 Avast! Avast5 Antivirus 5.0.677 0 Avast! Antivirus 4.8.1351.0 Authentium Command Antivirus 5.2.11 5 Antiy Antiy-AVL 2.0.3 7 Ahnlab V3 Engine 2011.01.18.00

Not Vulnerable:

Discussion

Multiple AntiVirus Products CVE-2012-1443 RAR File Scan Evasion Vulnerability

Multiple Antivirus products are prone to a vulnerability that may allow an attacker to bypass on-demand scans.

Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection.

The following products are affected:

Rising Antivirus 22.83.00.03
Quick Heal Technologies CAT-QuickHeal 11.00
G Data Software GData 21
Symantec AntiVirus 20101.3.0.103
Authentium Command Antivirus 5.2.11.5
Ikarus Antivirus T3.1.1.97.0
Emsisoft Antivirus 5.1.0.1
PCTools Antivirus 7.0.3.5
Frisk Software F-Prot Antivirus 4.6.2.117
Trend Micro VirusBuster 13.6.151.0
Fortinet Antivirus 4.2.254.0
Antiy Antiy-AVL 2.0.3.7
K7 Computing Pvt Ltd K7AntiVirus 9.77.3565
Trend Micro TrendMicro-HouseCall 9.120.0.1004
Sophos Antivirus 4.61.0
Eset NOD32 5795
AVIRA AntiVir Engine 7.11.1.163
Norman Antivirus 6.06.12
McAfee McAfee 5.400.0.1158
Panda Antivirus 10.0.2.7
McAfee McAfee-GW-Edition 2010.1C
Trend Micro TrendMicro 9.120.0.1004
Comodo AntiVirus 7424
BitDefender AntiVirus 7.2
eSafe Antivirus 7.0.17.0
F-Secure Antivirus 9.0.16160.0
INCA nProtect 2011-01-17.01
Ahnlab V3 Engine 2011.01.18.00
AVG AVG Anti-Virus 10.0.0.1190
Avast! Antivirus 4.8.1351.0
Avast! Avast5 Antivirus 5.0.677.0
VirusBlokAda VBA32 3.12.14.2

Exploit / POC

Multiple AntiVirus Products CVE-2012-1443 RAR File Scan Evasion Vulnerability

Attackers can use standard, readily available tools to exploit this issue.

Solution / Fix

Multiple AntiVirus Products CVE-2012-1443 RAR File Scan Evasion Vulnerability

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

Multiple AntiVirus Products CVE-2012-1443 RAR File Scan Evasion Vulnerability

References:

Evasion attacks expoliting file-parsing vulnerabilities in antivirus products (Suman Jana)